From 7825e99e36212e3738794879a2fa8c4eec77c468 Mon Sep 17 00:00:00 2001 From: Jamie Lennox Date: Mon, 14 Jul 2014 10:00:55 +1000 Subject: [PATCH] Change unscoped token fallback to be session aware The existing way of sending requests to the auth_url was to override the management_url for the duration of a single call. Aside from being ugly, this won't work with session objects where the management_url is ignored. The tests for this behaviour have been previously merged to ensure that the before and after behaviour remains unchanged. Change-Id: I879adcb25dd373ab4a7b77b6539974e22220aad4 --- keystoneclient/v2_0/tenants.py | 21 ++++++++++++--------- keystoneclient/v2_0/tokens.py | 23 +++++++++++++++-------- 2 files changed, 27 insertions(+), 17 deletions(-) diff --git a/keystoneclient/v2_0/tenants.py b/keystoneclient/v2_0/tenants.py index 93d68902b..79d98d559 100644 --- a/keystoneclient/v2_0/tenants.py +++ b/keystoneclient/v2_0/tenants.py @@ -17,7 +17,9 @@ import six from six.moves import urllib +from keystoneclient import auth from keystoneclient import base +from keystoneclient import exceptions class Tenant(base.Resource): @@ -114,15 +116,16 @@ class TenantManager(base.ManagerWithFind): if params: query = "?" + urllib.parse.urlencode(params) - reset = 0 - if self.api.management_url is None: - # special casing to allow tenant lists on the auth_url - # for unscoped tokens - reset = 1 - self.api.management_url = self.api.auth_url - tenant_list = self._list("/tenants%s" % query, "tenants") - if reset: - self.api.management_url = None + # NOTE(jamielennox): try doing a regular admin query first. If there is + # no endpoint that can satisfy the request (eg an unscoped token) then + # issue it against the auth_url. + try: + tenant_list = self._list('/tenants%s' % query, 'tenants') + except exceptions.EndpointNotFound: + endpoint_filter = {'interface': auth.AUTH_INTERFACE} + tenant_list = self._list('/tenants%s' % query, 'tenants', + endpoint_filter=endpoint_filter) + return tenant_list def update(self, tenant_id, tenant_name=None, description=None, diff --git a/keystoneclient/v2_0/tokens.py b/keystoneclient/v2_0/tokens.py index dc1b0a281..e5a21d428 100644 --- a/keystoneclient/v2_0/tokens.py +++ b/keystoneclient/v2_0/tokens.py @@ -10,7 +10,9 @@ # License for the specific language governing permissions and limitations # under the License. +from keystoneclient import auth from keystoneclient import base +from keystoneclient import exceptions from keystoneclient import utils @@ -48,14 +50,19 @@ class TokenManager(base.Manager): params['auth']['tenantId'] = tenant_id elif tenant_name: params['auth']['tenantName'] = tenant_name - reset = 0 - if self.api.management_url is None: - reset = 1 - self.api.management_url = self.api.auth_url - token_ref = self._create('/tokens', params, "access", - return_raw=return_raw, log=False) - if reset: - self.api.management_url = None + + args = ['/tokens', params, 'access'] + kwargs = {'return_raw': return_raw, 'log': False} + + # NOTE(jamielennox): try doing a regular admin query first. If there is + # no endpoint that can satisfy the request (eg an unscoped token) then + # issue it against the auth_url. + try: + token_ref = self._create(*args, **kwargs) + except exceptions.EndpointNotFound: + kwargs['endpoint_filter'] = {'interface': auth.AUTH_INTERFACE} + token_ref = self._create(*args, **kwargs) + return token_ref def delete(self, token):